1. Background
The Company is committed to complying with the provisions of the Privacy Act that relate to how entities handle Personal Information.
This Policy explains how we collect, hold, use and disclose Personal Information relating to individuals, whether or not they are customers, so as to ensure we meet our obligations under the Privacy Act. By providing us with your Personal Information, you consent to us collecting, holding, using and disclosing your Personal Information in accordance with this Policy.
This Policy applies to the Company, including its Australian and New Zealand subsidiaries.
2. Terminology
In this Policy the expressions "we", "us" and "our" are a reference to the Company.
The expressions "you" and "your" refer to each and every individual whose personal information we may collect, hold, use and disclose from time to time.
A list of defined terms is set out below:
a) Company refers to Downer EDI Limited ACN 003 872 848, its subsidiary companies, operating divisions and business units;
b) Personal Information means information or an opinion about an identified or identifiable individual; and
c) Privacy Act means the Privacy Act 1988 (Cth) (for Australia), or the Privacy Act 2020 (for New Zealand), as it applies to you.
3. Protecting personal information
3.1 Types of Personal Information Collected
We collect different types of Personal Information depending on our interaction and relationship with you. We will only collect Personal Information to the extent that this is reasonably necessary for one or more of our functions or activities.
It may include the following:
a) identification data – such as name, gender, job title, photograph, date of birth, and copies of, or information from, identification documentation including a drivers’ licence, birth certificate and passport;
b) contact details – such as home and business address, email address, telephone numbers, next of kin and emergency contact;
c) if you are a prospective or existing employee or contractor, or a person working for a prospective or existing contractor to the Company – such as name, gender, email address, location, telephone number, licences and qualifications, employment history, resume or CV, information relating to payments, salary or wages (including group certificates, PAYG summaries, income statements, bank account details, tax file numbers and certain credit information (including garnishee orders on wages)), leave details, medical records, drug, alcohol and other medical testing, performance information (including employee appraisals and discipline), training information, interview notes, references, results of any psychometric tests and background checks (including reference and criminal records checks), work visa, immigration information and other information to verify identity and right to work;
d) website and applications (including mobile apps) – such as information required to provide access to Company websites, portals or applications (such as login information, IP addresses, ID), records of use of those websites, portals and applications, and geo-location;
e) usage information – such as information when websites or apps are used, such as server log information (IP addresses, browser type, operating system, browser language, time zone, access times and any referring addresses) and location information;
f) information about access and attendance to Company premises and other sites, and use of Company assets - such as security records about times of entry and exit, site attendance records, and audio, images and data from surveillance systems (including CCTV, location tracking data and data from computers and devices);
g) information about incidents – such details of incidents you may have either been involved in or witnessed, including incident witness information;
h) shareholders details - such as name, address, number of shares held, tax file number and bank account details;
i) information about products and services purchased from the Company or which you have enquired about – such as order details, transaction history, and delivery details; and
j) other information – such as call recordings, communications with you (including feedback, complaints, compliments, claims, correspondence), and marketing preferences.
If we collect ‘sensitive information’ about you (such as information about your health, racial or ethnic origin), we will request your consent before we collect and use this sensitive information, to the extent required under applicable laws (for example under the Australian Privacy Act), unless we are otherwise permitted or required by law.
3.2 Method of Collection
We generally collect Personal Information about you directly from you, for example when we interact with you in person, over the phone, through written communications (either on paper or electronic) or when you complete forms or answer questions on our website. We may also collect information about you:
a) through the use of automated data collection tools on our website, portals and applications, such as cookies; and
b) when you access our premises or other sites, or use our assets and applications.
We may collect Personal Information about you from someone else on occasions, for example:
c) recruitment processes – such as from your recruitment agency, nominated referees and/or through police or background checking processes;
d) publicly available sources of information - such as public registers;
e) your representatives – such as your legal advisor or trustee, or a third party that you have authorised to provide, or authorised us to collect from them, Personal Information;
f) our customers or business partners – such as Personal Information held by them and provided to us for the purpose of providing a service to them or to their customers;
g) our service providers – such as credit reporting bodies, and identity and fraud checking services; and
h) other Downer companies.
3.3 Provision of Third Party Information
You confirm that, in any instance where you provide us with the Personal Information of a third party, you have:
a) obtained the consent of that individual to our collection of the individual’s Personal Information and our use of that Personal Information in accordance with this Policy; and
b) prior to obtaining the consent of that individual, made all reasonable efforts to provide them with a copy of this Policy or advised the third party that a current copy of this Policy can be found on the Downer’s website.
3.4 How We Use Personal Information
We will not use or disclose your Personal Information other than for a purpose for which we have collected it, unless you have consented to it, or it is required or permitted by law.
We may use your Personal Information for the following purposes:
a) managing our relationship with you – such as providing you with products and services, and communicating with you;
b) recruitment and employment related purpose – such as to consider job applications, to consider whether to employ an individual or to retain an individual as an employee or contractor, and invitations to participate in recruitment activities and events;
c) managing access, safety and security risks – such as monitoring of access and use of premises, sites, Company assets and IT environment to protect the Company’s systems, infrastructure, information and other property and sites;
d) management of vehicle and plant fleets and other operational assets;
e) management of employees and contractors in all business operations – such as resource planning, workforce management, training management, communication and engagement activities, and assessment of whether an employee or a contractor is qualified or permitted to work (including to access and work on Company premises and other sites);
f) managing shareholder relationships – such as undertaking share transactions, dividend payments and communications with shareholders;
g) business-related purposes – such as placing, negotiating, managing, and fulfilling orders and contracts with prospective or existing customers, suppliers, subcontractors and third parties; managing business relationships; administering real estate leases and licences; managing accounts and records, and debt administration;
h) investigations and complaints – such as investigating, reporting and resolving any allegation, concern, complaint or incident;
i) legal obligations – such as meeting obligations imposed under law, responding to lawful requests from governments and public authorities, and responding to potential or actual litigation;
j) marketing and public relation purposes – such as sending publications, newsletters and marketing material (unless you have opted out of such marketing);
k) website administration and internal operations – such as troubleshooting, testing, research, statistical and survey purposes, analysing your use of our website (including to personalise and improve your experience on our website using cookies and similar technologies training), developing, maintaining, testing and upgrading our IT systems and infrastructure, and creating accounts and logins for our website, portals and applications;
l) business improvement – such as to analyse and improve our business, products, services and systems (including data analytics and business improvement programs);
m) to process and respond to specific inquiries or issues that you have raised; and
n) for any other purpose required or permitted by law or authorised by you.
3.5 Disclosure of Personal Information
We may share your Personal Information for the purposes set out above to third parties including:
a) our business partners, contractors, subcontractors and service providers (including IT services providers) who assist us with, and provide products and services to support, the operation of our business;
b) our customers where required for a specific business purpose – such as to allow them to assess the suitability of a person to perform work for the customer (including to access and work on customer sites), as part of tenders, bids and proposals we submit, to provide transparent information regarding the resources provided to the customer by the Company, and as part of our reporting requirements to our customers;
c) our professional advisors;
d) regulatory bodies, government agencies and law enforcement bodies;
e) third parties to whom we may choose to sell, transfer or merge parts of our business or our assets;
f) credit reporting bodies and debt collectors;
g) other Downer companies; and
h) any other party authorised by you or to whom we are required or authorised to disclose Personal Information in accordance with applicable law.
We may also use and disclose de-identified information for statistical and business improvement purposes, such as reporting on the achievement of gender, diversity and inclusion.
3.6 Storage
Typically, we will store Personal Information in hard copy and electronic form.
We may engage third party providers to host Personal Information, which may result in storage of Personal Information in countries other than the country where it was collected.
We will take reasonable steps to destroy or permanently de-identify Personal Information once we no longer require it for our business purposes, unless we are required by law to retain it.
3.7 Disclosure of Personal Information Overseas
We may disclose your Personal Information outside the country where it was collected. This may include the following:
a) other Downer companies; and
b) our contracted third-party providers located outside Australia or New Zealand, including UK, EU, USA, India and Philippines.
When we transfer your Personal Information overseas, we will ensure that any third party providers with access to your Personal Information take appropriate measures to protect that information, restrict how they use that information, and comply with the applicable privacy laws.
3.8 Security
We will take reasonable steps to:
a) protect the Personal Information held by us from misuse, interference and loss; and
b) protect the Personal Information held by us from unauthorised access, modification or disclosure.
3.9 Access, Correction and Further Information
We will take such steps as are reasonable to ensure that the Personal Information which we collect remains accurate, up to date and complete.
We will provide you with access to your Personal Information held by us unless we are permitted by applicable law to refuse to provide you with such access. If we refuse your request for access to information, we will give you a written notice explaining our reasons for that refusal and how you may complain about that refusal.
Please contact us via the details below if you:
a) wish to have access to the Personal Information which we hold about you;
b) consider that the Personal Information which we hold about you is not accurate, complete or up to date; or
c) require further information on our Personal Information handling practices.
Australia
The Privacy Officer
Downer EDI Limited
Triniti Business Campus, 39 Delhi Road, North Ryde NSW 2113
AUSTRALIA
E: downer.companysecretary@downergroup.com
Or please contact us by completing the Contact Us form.
There is no charge for requesting access to your Personal Information but we may require you to meet our reasonable costs in actually providing you with access.
If you consider that the Personal Information which we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under applicable law, to correct that information if you so request.
We will respond to all requests for access and/or correction within a reasonable time.
3.10 Openness
From time to time, we may change our Policy on how we handle Personal Information or the types of Personal Information which we hold. Any changes to our Policy will be published on our website and you are encouraged to check the website regularly for updates. Any changes to our Policy will automatically apply to all Personal Information we hold about you. You may obtain a copy of our current Policy from our website or by contacting us on the details listed above.
3.11 Complaints
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your Personal Information, you should advise us via the contact details set out above.
If you remain unsatisfied with the way in which we have handled a privacy issue, we suggest you approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) or the Privacy Commissioner (http://privacy.org.nz/contact-us/) as applicable, for guidance on alternative courses of action which may be available.
This Privacy Policy was last updated in September 2022.